WP-Safety

Dynamic Front-End Heartbeat Control Security & Risk Analysis

wordpress.org/plugins/dynamic-front-end-heartbeat-control

An enhanced solution to optimize the performance of your WordPress website and automatically achieve the best Heartbeat API values.

1K active installs v1.2.998.1 PHP 7.2+ WP 5.5+ Updated Mar 7, 2026
admin-ajaxheartbeatheartbeat-apiperformancesite-health
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Dynamic Front-End Heartbeat Control Safe to Use in 2026?

Generally Safe

Score 100/100

Dynamic Front-End Heartbeat Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The dynamic-front-end-heartbeat-control plugin, version 1.2.998.1, exhibits a mixed security posture. While it demonstrates good practices in areas like the extensive use of prepared statements for SQL queries (95%) and a significant number of capability checks (8), notable concerns arise from its attack surface. A substantial portion of its AJAX handlers (3 out of 8) and all of its REST API routes (3 out of 3) lack proper authentication or permission callbacks, presenting clear entry points for unauthorized actions. Furthermore, the presence of the `shell_exec` function signals a potential for severe code execution vulnerabilities if not handled with extreme care, although the taint analysis did not reveal any critical or high-severity issues in this specific version. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a generally stable codebase. However, the identified unprotected entry points and the presence of dangerous functions warrant careful consideration and remediation.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Presence of dangerous function: shell_exec
  • Output escaping not properly handled in 38% of cases
Vulnerabilities
None known

Dynamic Front-End Heartbeat Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Dynamic Front-End Heartbeat Control Release Timeline

v1.2.998.1Current
v1.2.998
Code Analysis
Analyzed Mar 16, 2026

Dynamic Front-End Heartbeat Control Code Analysis

Dangerous Functions
2
Raw SQL Queries
4
72 prepared
Unescaped Output
52
85 escaped
Nonce Checks
7
Capability Checks
8
File Operations
11
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

shell_exec$out = @shell_exec('LANG=C uptime 2>&1');engine\server-load.php:322
shell_exec$out = @shell_exec($cmd);engine\system-load-fallback.php:109

SQL Query Safety

95% prepared76 total queries

Output Escaping

62% escaped137 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
dfehc_set_user_cookie (visitor\cookie-helper.php:492)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Dynamic Front-End Heartbeat Control Attack Surface

Entry Points11
Unprotected6

AJAX Handlers 8

authwp_ajax_dfehc_optimizeadmin\ajax-handler.php:12
authwp_ajax_get_server_loadengine\server-load.php:550
noprivwp_ajax_get_server_loadengine\server-load.php:554
authwp_ajax_dfehc_pingengine\server-response.php:574
noprivwp_ajax_dfehc_pingengine\server-response.php:576
authwp_ajax_dfehc_update_heartbeat_intervalheartbeat-controller.php:575
noprivwp_ajax_dfehc_update_heartbeat_intervalheartbeat-controller.php:576
authwp_ajax_dfehc_widget_refresh_statswidget.php:649

REST API Routes 3

GET/wp-json/dfehc-unclogger/v1/get/defibrillator\unclogger.php:204
GET/wp-json/dfehc-unclogger/v1/optimize-db/(?P<tool>[^/]+)defibrillator\unclogger.php:210
GET/wp-json/dfehc-unclogger/v1/set/defibrillator\unclogger.php:222
WordPress Hooks 37
actionadmin_initadmin\affix.php:12
actionadmin_enqueue_scriptsadmin\asset-manager.php:12
actioninitadmin\heartbeat-config.php:12
filterheartbeat_settingsadmin\heartbeat-config.php:13
filterdfehc_contextual_load_valueadmin\heartbeat-config.php:14
actioninitadmin\heartbeat-config.php:19
actionadmin_menuadmin\unclogger-menu.php:12
actionadmin_menuadmin\unclogger-menu.php:13
filteradmin_footer_textadmin\unclogger-menu.php:14
filterupdate_footeradmin\unclogger-menu.php:15
actionrest_api_initdefibrillator\unclogger.php:55
actiondfehc_async_optimize_alldefibrillator\unclogger.php:270
actiondfehc_log_server_load_hookengine\server-load.php:497
actioninitengine\server-load.php:552
filtercron_schedulesengine\server-load.php:611
actioninitengine\server-load.php:665
actioninitheartbeat-async.php:390
filtercron_schedulesheartbeat-async.php:649
actionwp_default_scriptsheartbeat-controller.php:75
actionwp_enqueue_scriptsheartbeat-controller.php:183
filterheartbeat_settingsheartbeat-controller.php:614
actionwp_logoutheartbeat-controller.php:641
filterpre_update_option_dfehc_optimization_frequencysettings.php:40
filtercron_schedulessettings.php:41
actiondfehc_periodic_optimizationsettings.php:42
actionadmin_headsettings.php:71
actionsend_headersvisitor\cookie-helper.php:646
actionuser_registervisitor\manager.php:158
filtercron_schedulesvisitor\manager.php:178
actioninitvisitor\manager.php:244
actiondfehc_process_user_activityvisitor\manager.php:286
actionwpvisitor\manager.php:429
actiondfehc_cleanup_user_activityvisitor\manager.php:491
actiondfehc_reset_total_visitors_eventvisitor\manager.php:638
actioninitvisitor\manager.php:681
actionadmin_enqueue_scriptswidget.php:33
actionwp_dashboard_setupwidget.php:713

Scheduled Events 12

dfehc_async_optimize_all
dfehc_log_server_load_hook
dfehc_periodic_optimization
dfehc_process_user_activity
dfehc_process_user_activity
dfehc_cleanup_user_activity
dfehc_cleanup_user_activity
dfehc_cleanup_user_activity
dfehc_reset_total_visitors_event
dfehc_reset_total_visitors_event
dfehc_reset_total_visitors_event
dfehc_reset_total_visitors_event
Maintenance & Trust

Dynamic Front-End Heartbeat Control Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 7, 2026
PHP min version7.2
Downloads13K

Community Trust

Rating96/100
Number of ratings12
Active installs1K
Alternatives

Dynamic Front-End Heartbeat Control Alternatives

Heartbeat Controller

Heartbeat Controller

heartbeat-controller

A
100

Control WordPress Heartbeat API to reduce load. Allow, disable, or set custom frequency for Dashboard, Post Editor, and Frontend.

800 No CVEs
Heartbeat Control

Heartbeat Control

heartbeat-control

A
85

Allows you to easily manage the frequency of the WordPress heartbeat API.

80K No CVEs
Native Performance

Native Performance

native-performance

A
92

Improve the performance of your WordPress: Reduce load times, solve common errors and more using the Native Performance plugin.

10 No CVEs
Performance Lab

Performance Lab

performance-lab

A
100

Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.

200K 1 CVE
DiveWP – Boost Site Performance with Clear, Actionable Steps

DiveWP – Boost Site Performance with Clear, Actionable Steps

divewp-boost-site-performance

A
100

Learn WP Best Practices Through Your Own Site! Get clear insights about Performance, Security, and Best Practices – explained in plain English.

200 No CVEs
Developer Profile

Dynamic Front-End Heartbeat Control Developer Profile

Codeloghin

1 plugin · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Dynamic Front-End Heartbeat Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dynamic-front-end-heartbeat-control/js/heartbeat.min.js
Version Parameters
dynamic-front-end-heartbeat-control/heartbeat-controller.php?ver=heartbeat.min.js?ver=

HTML / DOM Fingerprints

JS Globals
dfehc_heartbeat_vars
REST Endpoints
/wp-json/dfehc/v1/heartbeat
FAQ

Frequently Asked Questions about Dynamic Front-End Heartbeat Control